Disclaimer: In no event will I be liable for any loss or damage including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever arising from loss of data or profits arising out of, or in connection with, the use of this guide. Please ensure you read the full disclaimer before proceeding . By proceeding you confirm you have read and agree to these terms.
PLEASE READ BEFORE CONTINUING:
If you are a home user; Reconsider using Cisco as a manufacturer for your router. I cannot recommend Cisco at this time If you’re buying a second hand router. This is due to the new requirement for Cisco Smart licensing which makes it almost impossible to get the correct licenses and support applied to your router if you purchased it second hand.
This is the configuration only guide for configuring a Cisco C1100 series ISR for BT Ultrafast 2 Broadband including IPv6 and BT TV / Youview. The purpose of this post is to list the commands required to configure the device to be used as a reference. The full guide with the commands explained can be found here.
For reference VLAN 1 represents any internal VLANs you have and VLAN 2 represents the Youview IPTV VLAN. Interface GigabitEthernet0/1/0 represents where the Youview box is patched. This is not a complete list of commands required to configure the device; Just the relevant commands.
ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool VL1_LAN
network 192.168.1.0 255.255.255.0
dns-server 8.8.8.8 8.8.4.4
default-router 192.168.1.1
lease 0 8
!
ipv6 source-route
ipv6 unicast-routing
ipv6 dhcp pool IPv6
dns-server 2001:4860:4860::8888
dns-server 2001:4860:4860::8844
!
no cdp run
!
class-map type inspect match-any ICMPv6-inbound
match access-group name ICMPv6-in
class-map type inspect match-any ICMPv6-outbound
match access-group name ICMPv6-out
!
class-map type inspect match-any IP-outbound
match protocol udp
match protocol tcp
!
class-map type inspect match-any ICMPv4-outbound
match protocol icmp
!
policy-map type inspect ToInternet
class type inspect IP-outbound
inspect
class type inspect ICMPv6-outbound
pass
class type inspect ICMPv4-outbound
inspect
class class-default
drop
!
policy-map type inspect FromInternet
class type inspect ICMPv6-inbound
pass
class class-default
drop
!
zone security inside
zone security outside
zone security BTTV
zone-pair security BTTV-->outside source BTTV destination outside
service-policy type inspect ToInternet
zone-pair security inside-->outside source inside destination outside
service-policy type inspect ToInternet
zone-pair security outside-->BTTV source outside destination BTTV
service-policy type inspect FromInternet
zone-pair security outside-->inside source outside destination inside
service-policy type inspect FromInternet
!
interface GigabitEthernet0/0/0
description WAN - FTTP Uplink
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
zone-member security outside
negotiation auto
no cdp enable
pppoe enable group global
pppoe-client dial-pool-number 1
no mop enabled
!
interface Vlan1
description VLAN1 LAN
ip address 192.168.1.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
zone-member security inside
ipv6 address IP-V6 ::1:0:0:0:1/64
ipv6 enable
ipv6 nd other-config-flag
ipv6 dhcp server IPv6
no mop enabled
!
interface Vlan2
description VLAN2 Youview
ip address 172.16.0.1 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
zone-member security BTTV
no mop enabled
!
interface GigabitEthernet0/1/0
description BT TV connection
switchport access vlan 40
switchport mode access
no cdp enable
spanning-tree portfast
!
interface Dialer1
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
zone-member security outside
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
no cdp enable
ipv6 address IP-V6 ::1/64
ipv6 enable
ipv6 dhcp client pd IP-V6 rapid-commit
ppp mtu adaptive
ppp authentication chap callin
ppp chap hostname bthomehub@btbroadband.com
ppp chap password 7 030A541F140A3059471B1C01
ppp ipcp dns request
ppp ipcp route default
!
ip nat inside source list Internet-Permitted interface Dialer1 overload
ip forward-protocol nd
!
ip access-list standard Internet-Permitted
remark == Permit NAT for Internet Access ==
permit 192.168.1.0 0.0.0.255
permit 172.16.0.0 0.0.0.3
ip access-list standard NTP
remark == Permit NTP clients ==
permit 10.0.0.0 0.255.255.255
deny any
ip access-list standard SNMPv3
remark == Permit SNMP monitor ==
permit 192.168.0.0 0.0.0.255
deny any
ip access-list standard SSH
remark == Permit SSH access ==
permit 192.168.0.0 0.0.0.255
deny any
!
ipv6 route ::/0 Dialer1
!
ipv6 access-list ICMPv6-in
permit icmp any any echo-reply
permit icmp any any echo-request
permit icmp any any no-route
permit icmp any any packet-too-big
permit icmp any any hop-limit
permit icmp any any header
permit icmp any any next-header
permit icmp any any parameter-option
permit icmp any any time-exceeded
deny ipv6 any any
!
ipv6 access-list ICMPv6-out
permit icmp any any nd-na
permit icmp any any nd-ns
permit ipv6 any any
!
line vty 0 15
access-class SSH in
transport input ssh
line vty 5 15
access-class SSH in
transport input ssh
!
ntp source Dialer1
ntp access-group query-only NTP
ntp master 2
ntp server 194.80.204.184
ntp server 195.219.205.9
ntp server 178.62.250.107
ntp server 178.79.155.116 prefer
!
!
!
!
!
end
In addition to the configuration the following settings are required on the youview box.
IP Address: 172.16.0.2 Subnet mask: 255.255.255.252 Gateway: 172.16.0.1 Primary DNS: 62.6.40.178 Secondary DNS: 62.6.40.162
You will also need to physically bridge the following interfaces with a dumb switch that won’t interfere with the traffic flow:
1 The BT ONT 2 The WAN port of the ISR (Gi0/0/0 above) 3 The LAN port for the IPTV VLAN (Gi0/1/0 above) 4 The Youview IPTV box
I can confirm that a Netgear GS305 works for this purpose.
Hello,
Great blog, I quite fancy a Cisco C1100 series ISR to do as you have.
Is your model the Cisco ISR 1100 from Ebuyer (QuickFind: 865132), £235 ish???
Keen not to get the wrong one.
Thanks
No. This looks like it’s the POE module for the ISR1100-8P with the 150 Watt power supply. To my knowledge the module is not user-serviceable either and needs to be ordered at the same time as the router itself. Expect to pay £3-500 for a used C1100-8P on eBay. The C1100-4P can be found cheaper as it has fewer ethernet ports however it has less throughput.